promotion 1.0.7

data/lib/promotion/enforcer.rb

@@ -0,0 +1,322 @@
+require 'etc'
+require 'rexml/document'
+require 'fileutils'
+
+module Promotion	# :nodoc:
+
+# The Enforcer handles the first half of the promotion process: moving
+# the files into place, setting permissions, ensuring that users and groups
+# are set up correctly, etc.
+class Enforcer
+
+	# returns the XML specification for the selected application
+	attr_reader :spec
+
+	# root
+	DEFAULT_FOLDER_OWNER = "root"
+	# wheel
+	DEFAULT_FOLDER_GROUP = "wheel"
+	# 0750
+	DEFAULT_FOLDER_MODE = "0750"
+	# false
+	DEFAULT_FOLDER_CLEAR = "false"
+	# root
+	DEFAULT_FILE_OWNER = "root"
+	# wheel
+	DEFAULT_FILE_GROUP = "wheel"
+	# 0640
+	DEFAULT_FILE_MODE = "0640"
+	# '.' the current folder
+	DEFAULT_FILE_SOURCE = "."
+
+	# Creates a new Enforcer for the selected application.
+	def initialize(appname)
+		appFolder = File.expand_path(appname, Folders::Staging)
+		Dir.chdir(appFolder)
+		specfile = File.expand_path(Files::Spec, appFolder)
+		unless File.exist?(specfile)
+			puts("\nSpecification file #{specfile} does not exist.\n" )
+			exit 1
+		end
+		doc = REXML::Document.new(File.new(specfile))
+		@spec = doc.root
+		$log.info("\n#{'_'*40}\nEnforcer created for #{appname}")
+	end
+
+	# Enforces the conditions needed for the selected app to function properly,
+	# as specified in the deployment descriptor:
+	# - ensure that certain groups exist
+	# - ensure that certain users exist (belonging to certain groups)
+	# - ensure that certain folders exist, if not create them; set permissions correctly;
+	#   if desired, make sure they are empty
+	# - move specified files into place, set ownerships and permissions;
+	#   create empty, or make empty, or preserve contents as desired.
+	# - ensure symbolic link exists, create if missing
+	# - create a zip archive of certain files if desired.
+	def start()
+		@spec.elements.each("/Specification/Groups/Group") { |group|
+			gid = group.attributes["Gid"].to_i
+			name = group.attributes["Name"]
+			create_group(gid, name) unless group_exist?(gid, name)
+		}
+		@spec.elements.each("/Specification/Users/User") { |user|
+			uid = user.attributes["Uid"].to_i
+			name = user.attributes["Name"]
+			gid = user.attributes["Gid"].to_i
+			uclass = user.attributes["Class"] || "default"
+			gecos = user.attributes["Gecos"] || ""
+			home = user.attributes["Home"] || "/home/#{name}"
+			shell = user.attributes["Shell"] || "/bin/ksh"
+			groups = user.attributes["Groups"] || ""
+			create_user(uid, name, gid, uclass, gecos, home, shell, groups) unless user_exist?(uid, name)
+		}
+		@spec.elements.each("/Specification/Folders/Folder[@Clear='true']") { |folder|
+			path = folder.text().strip()
+			clear_folder(path)
+		}
+		@spec.elements.each("/Specification/Folders/Folder") { |folder|
+			path = folder.text().strip()
+			owner = folder.attributes["Owner"] || folder.parent.attributes["Owner"] || DEFAULT_FOLDER_OWNER
+			group = folder.attributes["Group"] || folder.parent.attributes["Group"] || DEFAULT_FOLDER_GROUP
+			mode =	folder.attributes["Mode"]	|| folder.parent.attributes["Mode"]	|| DEFAULT_FOLDER_MODE
+			clear =	folder.attributes["Clear"]	|| folder.parent.attributes["Clear"]	|| DEFAULT_FOLDER_MODE
+			mode = mode.oct()
+			clear = (clear == "true")
+			ensure_folder(path, owner, group, mode, clear)
+		}
+		@spec.elements.each("/Specification/Files/File") { |file|
+			path = file.text().strip()
+			owner = file.attributes["Owner"] || file.parent.attributes["Owner"] || DEFAULT_FILE_OWNER
+			group = file.attributes["Group"] || file.parent.attributes["Group"] || DEFAULT_FILE_GROUP
+			mode =	file.attributes["Mode"]	|| file.parent.attributes["Mode"]	|| DEFAULT_FILE_MODE
+			mode = mode.oct()
+			source = file.attributes["Source"] || file.parent.attributes["Source"] || DEFAULT_FILE_SOURCE
+			empty = file.attributes["Empty"] == "true"
+			overwrite = !(file.attributes["Overwrite"] == "false")
+			backup = file.attributes["Backup"] == "true"
+			ensure_file(path, owner, group, mode, source, empty, overwrite, backup)
+		}
+		@spec.elements.each("/Specification/Files/Link") { |link|
+			path = link.text().strip()
+			owner = link.attributes["Owner"] || link.parent.attributes["Owner"] || DEFAULT_FILE_OWNER
+			group = link.attributes["Group"] || link.parent.attributes["Group"] || DEFAULT_FILE_GROUP
+			mode =	link.attributes["Mode"]	|| link.parent.attributes["Mode"]	|| DEFAULT_FILE_MODE
+			mode = mode.oct()
+			target = link.attributes["Target"] || link.parent.attributes["Source"] || DEFAULT_FILE_SOURCE
+			ensure_link(path, owner, group, mode, target)
+		}
+		@spec.elements.each("/Specification/Allfiles") { |file|
+			path = file.text().strip()
+			owner = file.attributes["Owner"] || file.parent.attributes["Owner"] || DEFAULT_FILE_OWNER
+			group = file.attributes["Group"] || file.parent.attributes["Group"] || DEFAULT_FILE_GROUP
+			mode =	file.attributes["Mode"]	|| file.parent.attributes["Mode"]	|| DEFAULT_FILE_MODE
+			mode = mode.oct()
+			source = file.attributes["Source"] || file.parent.attributes["Source"] || DEFAULT_FILE_SOURCE
+			ensure_allfiles(path, owner, group, mode, source)
+		}
+		@spec.elements.each("/Specification/Zipfile") { |zipfile|
+			build_zip_file(zipfile)
+		}
+	end
+
+	# Detects if a user account exists with the given +uid+ and +name+
+	def user_exist?(uid, name)
+		begin
+			user1 = Etc.getpwuid(uid)
+			user2 = Etc.getpwnam(name)
+			raise unless user1 == user2
+			$log.info("User #{name}(#{uid}) already exists.")
+		rescue
+			return(false)
+		end
+		return(true)
+	end
+
+	# Creates a user account for the operating system
+	def create_user(uid, name, gid, uclass, gecos, home, shell, groups)
+		begin
+			FileUtils.mkdir_p(home) unless File.directory?(home)	# ensure no warning about missing folder
+			command = Files::Useradd + " -u #{uid} -g #{gid} -L #{uclass} "
+			command += "-c '#{gecos}' -d #{home} -s #{shell} -p '*************' "
+			command += "-G #{groups} " if groups.length > 0
+			command += " #{name} "
+			raise unless system(command)
+			$log.info("User #{name}(#{uid})created.")
+		rescue => e
+			$log.error("Unable to create user #{name}(#{uid})\n#{e.message}")
+			exit 1
+		end
+	end
+
+	# Detects if a group exists with the given +gid+ and +name+
+	def group_exist?(gid, name)
+		begin
+			group1 = Etc.getgrgid(gid)
+			group2 = Etc.getgrnam(name)
+			raise unless group1 == group2
+			$log.info("Group #{name}(#{gid}) already exists.")
+		rescue
+			return(false)
+		end
+		return(true)
+	end
+
+	# Create a group in the operating system
+	def create_group(gid, name)
+		begin
+			command = Files::Groupadd + " -v -g #{gid} #{name}"
+			raise unless system(command)
+			$log.info("Group #{name}(#{gid}) created.")
+		rescue => e
+			$log.error("Unable to create group #{name}(#{gid})\n#{e.message}")
+			exit 1
+		end
+	end
+
+	# Removes a folder unconditionally
+	def clear_folder(path)
+		begin
+			FileUtils.rm_rf(path)
+			$log.info("Removed folder #{path} in preparation for a fresh installation.")
+		rescue
+			$log.error("Unable to remove folder #{path} prior to installation.")
+			exit 1
+		end
+	end
+
+	# Creates a folder (and any intermediate parent folders), sets the ownership
+	# and permissions
+	def ensure_folder(path, owner, group, mode, clear)
+		begin
+			FileUtils.mkdir_p(path) unless File.directory?(path)
+			FileUtils.chown(owner, group, path)
+			FileUtils.chmod(mode, path)
+			$log.info("Ensured folder #{path} is owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}")
+		rescue => e
+			$log.error("Unable to ensure folder #{path} is owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}\n#{e.message}")
+			exit 1
+		end
+	end
+
+	# Ensures that all specified files are moved into place with the correct ownership
+	# and permissions
+	def ensure_allfiles(path, owner, group, mode, source)
+		unless File.directory?(source)
+			$log.error("Missing source folder #{source} to install contents to #{path}")
+			exit 1
+		end
+		# modify the mode for folders so they are executable
+		perms = sprintf('%9b', mode)
+		perms[2] = "1"
+		perms[5] = "1"
+		perms[8] = "1"
+		folderMode = perms.to_i(2)
+		begin
+			Dir.chdir(source)
+			Dir["**/*"].each { |file|
+				targetPath = File.expand_path(file, path) # file could be app/media/shared/mypic.png
+				if File.directory?(file)
+					ensure_folder(targetPath, owner, group, folderMode, false)
+				else
+					ensure_file(targetPath, owner, group, mode, File.dirname(file), false, true)
+				end
+			}
+		rescue => e
+			$log.error("Unable to install allfiles from #{source} to #{path}\n#{e.message}")
+			exit 1
+		end
+	end
+
+	# Ensures that a file exists at the given path, with the
+	# ownership and permissions specified.
+	# The source file is derived from the source folder and path basename
+	# If the +empty+ parameter is +true+, create an empty file
+	# If <code>Overwrite="false"</code> then set ownerships and permissions but leave
+	# the contents alone (ie. create but no update)
+	# +path+ = full path to file to be created
+	# +source+ = folder within the project to copy file from
+	# If +backup+, preserve a copy of the original file if it has never been backed
+	# up yet (good for preserving original system config files)
+	def ensure_file(path, owner, group, mode, source, empty, overwrite=true, backup=false)
+		unless empty
+			sourceFile = File.expand_path(File.basename(path), source)
+			unless File.exist?(sourceFile)
+				$log.error("Missing source file #{sourceFile} to install to #{path}")
+				exit 1
+			end
+		end
+		begin
+			targetFolder = File.dirname(path)
+			unless File.directory?(targetFolder)
+				$log.warn("Missing folder #{targetFolder} is being created but may have wrong ownership and permissions.")
+				FileUtils.mkdir_p(targetFolder)
+			end
+			if empty
+				FileUtils.touch(path)
+			elsif !overwrite and File.exists?(path)
+				# preserve the contents
+			else
+				FileUtils.cp(path, path+"-original") if backup and not File.exist?(path+"-original")
+				FileUtils.cp(sourceFile, path)
+			end
+			FileUtils.chown(owner, group, path)
+			FileUtils.chmod(mode, path)
+			$log.info("Installed file #{path}, owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}")
+		rescue => e
+			$log.error("Unable to install file #{path}, owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}\n#{e.message}")
+			exit 1
+		end
+	end
+
+	# Ensures that a link exists at the given path, with the ownership and permissions specified.
+	def ensure_link(path, owner, group, mode, target)
+		begin
+			targetFolder = File.dirname(path)
+			unless File.directory?(targetFolder)
+				$log.warn("Missing folder #{targetFolder} is being created but may have wrong ownership and permissions.")
+				FileUtils.mkdir_p(targetFolder)
+			end
+			FileUtils.ln_sf(target, path)
+			FileUtils.chown(owner, group, path)
+			FileUtils.chmod(mode, path)
+			$log.info("Installed link #{path} --> #{target}, owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}")
+		rescue => e
+			$log.error("Unable to install link #{path} --> #{target}, owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}\n#{e.message}")
+			exit 1
+		end
+	end
+
+	# Creates a zip archive from the specified files
+	def build_zip_file(zipfile)
+		begin
+			path = zipfile.elements["Zip"].text().strip()
+			owner = zipfile.elements["Zip"].attributes["Owner"] || "root"
+			group = zipfile.elements["Zip"].attributes["Group"] || "wheel"
+			mode	= zipfile.elements["Zip"].attributes["Mode"]	|| "0644"
+			mode = mode.oct()
+			filelist = []
+			zipfile.elements.each("Source") { |src|
+				sourceFile = src.text().strip()
+				unless File.exist?(sourceFile)
+					$log.error("Missing source file #{sourceFile} to add to zip archive #{path}")
+					exit 1
+				end
+				filelist << sourceFile
+			}
+			targetFolder = File.dirname(path)
+			unless File.directory?(targetFolder)
+				$log.warn("Missing folder #{targetFolder} is being created but may have wrong ownership and permissions.")
+				FileUtils.mkdir_p(targetFolder)
+			end
+			system("#{Files::Zip} #{path} #{filelist.join(' ')} ")
+			FileUtils.chown(owner, group, path)
+			FileUtils.chmod(mode, path)
+			$log.info("Created zip archive #{path}, owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}")
+		rescue => e
+			$log.error("Unable to create zip archive #{path}, owned by #{owner}:#{group} with mode #{sprintf('%04o',mode)}\n#{e.message}\n#{e.backtrace}")
+			exit 1
+		end
+	end
+
+end
+end

data/lib/promotion/erb/crontab.erb

@@ -0,0 +1,19 @@
+#
+# /var/cron/tabs/<%= user %> - <%= user %>'s crontab
+#
+#minute hour    mday    month   wday    command
+#
+<% crontablist.each do |sched| %>
+<% if sched.attributes["Comment"] %>
+#______________________________
+# <%= sched.attributes["Comment"] %>
+<% end %>
+<% minute = sched.attributes["Minute"] || "*" %>
+<% hour   = sched.attributes["Hour"]   || "*" %>
+<% mday   = sched.attributes["DayOfMonth"] || "*" %>
+<% month  = sched.attributes["Month"]  || "*" %>
+<% wday   = sched.attributes["DayOfWeek"] || "*" %>
+<% cmd    = (sched.elements["Command"].cdatas[0]).value().strip() %>
+<%= minute + "\t" + hour + "\t" + mday + "\t" + month + "\t" + wday + "\t" + cmd %>
+
+<% end %>

data/lib/promotion/erb/profile.erb

@@ -0,0 +1,17 @@
+# This section of the file should not be edited
+# It was generated by the promotion application and will be overwritten
+# when the next promotion occurs.
+# The previous section will be preserved
+<% @specs.each do |spec|
+	spec.elements.each("/Specification/Environment") do |env|
+	env.elements.each("Variable") do |var|
+	t = var.cdatas.length > 0 ? var.cdatas[0].to_s() : var.text() %>
+export <%= var.attributes["Name"] %>="<%= t.strip() %>"<% end %>
+<% env.elements.each("Alias") do |ali|
+	t = ali.cdatas.length > 0 ? ali.cdatas[0].to_s() : ali.text()
+%><% if ali.attributes["Comment"] %><%= "\n# "+ali.attributes["Comment"]
+%><% end %>
+alias <%= ali.attributes["Name"] %>='<%= t %>' <%
+end
+end
+end %>

data/lib/promotion/erb/rc.conf.local.erb

@@ -0,0 +1,20 @@
+# This section of the file is generated by the promotion application
+# DO NOT EDIT THIS SECTION - your changes will be lost
+# You may edit the section before the promotion marker
+#______________________________
+# generated application flags
+<% daemonSpecs = @specs.reject {|s| s.elements["/Specification/Daemon"].nil? } %>
+<% daemonSpecs.sort!() do |a, b| %>
+<%   ap = a.elements["/Specification/Daemon"].attributes["Priority"].to_i || 10 %>
+<%   bp = b.elements["/Specification/Daemon"].attributes["Priority"].to_i || 10 %>
+<%   ap <=> bp %>
+<% end %>
+<% pkgScripts = [] %>
+<% daemonSpecs.each do |spec| %>
+<%= spec.attributes["Name"] %>_flags="<%= spec.elements["/Specification/Daemon"].attributes["Flags"] %>"
+<% pkgScripts << spec.attributes["Name"] %>
+<% end %>
+
+# rc.d(8) packages scripts
+# started in the specified order and stopped in reverse order
+pkg_scripts="<%= pkgScripts.join(" ") %>"

data/lib/promotion/erb/sudoers.erb

@@ -0,0 +1,22 @@
+# This section of the file should not be edited, even with visudo
+# It was generated by the promotion application and will be overwritten
+# when the next promotion occurs.
+# The previous section will be preserved
+
+Defaults timestamp_timeout=55
+
+root    ALL = (ALL) ALL
+# people in group wheel may run all commands
+%wheel  ALL = (ALL) ALL
+
+# Generated user privilege specifications
+<% @specs.each do |spec| %>
+<% spec.elements.each("/Specification/Sudoers/UserPrivilege") do |priv| %>
+<%= sprintf('%-16s', priv.attributes["User"]) %>
+<%= " ALL = " %>
+<% if priv.attributes["Runas"] %>(<%= priv.attributes["Runas"] %>) <% end %>
+<%= (priv.attributes["Password"] || "").downcase() == "true" ? " " : "NOPASSWD: " %>
+<%= priv.text().strip() %>
+
+<% end %>
+<% end %>

data/lib/promotion/evolver.rb

@@ -0,0 +1,126 @@
+module Promotion	# :nodoc:
+# The Evolver class evolves the database by executing migration scripts from the
+# evolve folder of the project being promoted
+#
+# This class may be invoked via promote or via evolve or devolve commands
+class Evolver
+
+	# Creates a new Evolver
+	def initialize(appname, evolve=true, targetVersion=nil)
+		@appname = appname
+		@evolve = (evolve == true)
+		@target = targetVersion.to_i()
+		@currentVersion = nil
+		@spec = get_spec()
+		db = @spec.elements["Database"]
+		@dbms = db.text()
+		@database = db.attributes["database"] || ""
+	end
+
+	# The deployment descriptor for an application should contain a single Database element
+	# in order to make use of the +evolve+ command. SQLite3 also needs a +database+
+	# attribute to specify the file to operate on.
+	#	<Database>/usr/bin/mysql</Database>
+	#	<Database database="/var/myapp/myapp.db">/usr/bin/sqlite3</Database>
+	def get_spec()
+		appFolder = File.expand_path(@appname, Folders::Staging)
+		Dir.chdir(appFolder)
+		specfile = File.expand_path(Files::Spec, appFolder)
+		unless File.exist?(specfile)
+			puts("\nSpecification file #{specfile} does not exist.\n" )
+			exit 1
+		end
+		doc = REXML::Document.new(File.new(specfile))
+		doc.root
+	end
+
+	# Gets the current version from the version file and calls evolve or devolve as required
+	def start()
+		versionFilename = File.expand_path("@version.#{@appname}", Folders::Staging)
+		if !File.exist?(versionFilename)
+			puts("We expect a version file at #{versionFilename} containing a single line")
+			puts("with the current version of the database (eg. 1001)")
+			exit 1
+		end
+		versionFile = File.new(versionFilename, 'r')
+		@currentVersion = versionFile.gets.chomp().to_i()
+		versionFile.close()
+		completed = @currentVersion
+		if @evolve
+			completed = evolve()
+		else
+			completed = devolve()
+		end
+		versionFile = File.new(versionFilename, 'w')
+		versionFile.puts(completed)
+		versionFile.close()
+		puts(" to version #{completed} ")
+	end
+
+	# Starts the database evolution:
+	# - find all of the relevant schema migration files in the +evolve+ folder
+	# - execute in sequence all migrations after the current version, updating the
+	#   version file with the latest successful version number
+	def evolve()
+		$log.info("\n#{'_'*40}\nEvolving the database #{@database}\n")
+		evolveFolder = File.expand_path("#{@appname}/evolve", Folders::Staging)
+		Dir.chdir(evolveFolder)
+		migrations = Dir["*.sql"].collect { |f| f.sub(".sql","").to_i() }.sort()
+		migrations.reject! { |v| v <= @currentVersion }
+		migrations.reject! { |v| v > @target } unless @target == 0
+		@target = migrations.last.to_i
+		if @target > @currentVersion
+			print("Evolving the database")
+		else
+			puts("Already at version #{@currentVersion}.")
+			exit 0
+		end
+		completed = @currentVersion
+		migrations.each { |v|
+			success = system("#{@dbms} #{@database} < #{v}.sql")
+			if success
+				$log.info("Evolved the database to version #{v}")
+				completed = v
+			else
+				$log.error("Failed to evolve the database to version #{v}.")
+				break
+			end
+		}
+		return(completed)
+	end
+
+	# Returns the database to an earlier schema version:
+	# - find all of the relevant schema migration files in the +devolve+ folder
+	# - execute in sequence all migrations from the current version down to
+	#   the target version
+	# - update the version file with the new version number
+	def devolve()
+		$log.info("\n#{'_'*40}\nDevolving the database #{@database}\n")
+		devolveFolder = File.expand_path("#{@appname}/devolve", Folders::Staging)
+		Dir.chdir(devolveFolder)
+		migrations = Dir["*.sql"].collect { |f| f.sub(".sql","").to_i() }.sort()
+		migrations.reject! { |v| v > @currentVersion }
+		migrations.reject! { |v| v <= @target }		# after devolving we are at the previous version
+		migrations.reverse!
+		if @target < @currentVersion
+			print("Devolving the database")
+		else
+			puts("Already at version #{@currentVersion}.")
+			exit 0
+		end
+		completed = @currentVersion
+		migrations.each { |v|
+			success = system("#{@dbms} #{@database} < #{v}.sql")
+			if success
+				$log.info("Devolved the database from version #{v}")
+				completed = v
+			else
+				$log.error("Failed to devolve the database from version #{v}.")
+				break
+			end
+		}
+		return(completed-1)	# after devolving we are at the previous version
+	end
+
+end
+end